Dutch proposal to search and destroy foreign computers

Deel dit artikel

On 15 October, the Dutch ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands. Dutch digital rights movement Bits of Freedom warns for the unacceptable risks to cybersecurity and calls on other countries to strongly oppose the proposal.

search data on the computer, including data on computers located in other countries; and

destroy data on the computer, including data on computers located in other countries.

If the location of the computer cannot be determined, for example in the case of Tor-hidden services, the police is not required to submit a request for legal assistance to another country before breaking in. Under the current text, it is uncertain whether a legal assistance request would be legally required, or merely preferred, if the location of the computer is known. The exercise of these powers requires a warrant from a Dutch court.

Hacking proposal poses unacceptable cybersecurity risk

This proposal poses unacceptable risks. If the Dutch government gets the power to break into foreign computers, this gives other governments the basis to break into Dutch computers which infringe the laws of their country. The end result could be less security for all computer users, instead of more. This is even more true with regard to the power to destroy data on foreign computers; it is likely that other governments would be very interested in using such a power against Dutch interests.

Furthermore, providing the government the power to break into computers provides a perverse incentive to keep information security weak. Millions of computers could remain badly secured because the government does not have an incentive to publish vulnerabilities quickly because it needs to exploit these vulnerabilities for enforcement purposes.

In addition, spyware is difficult to control. Research from the Chaos Computer Club demonstrates that, even though spyware from the German police was intended to be used to intercept only Skype calls, it could in practice be extended to take over the entire computer. In addition, the spyware itself could be remotely hacked by criminals as well, allowing them to take over the computer of a suspect.

The risks above do not even touch on the privacy-issues yet. Breaking into a computer infringes the privacy not only of the suspect, but of all non-suspects whose data is also on the computer. And, somewhat related to this, the value of evidence gathered via these methods is at the least less obvious and will be harder to assess in court. The digital nature of the investigation makes it harder to prove that evidence was not fabricated or perhaps destroyed by the police.

International opposition is necessary

A legislative text implementing the highly controversial proposal will be introduced to parliament in the coming months. The law does not only concern the Netherlands: it concerns all countries whose IT-infrastructure may be affected. Bits of Freedom therefore calls on other countries to oppose the proposal. Laws like these make the internet a more dangerous place.

Gee Plaster

And how will they react when an extraction team has captured and brought the warrant issuing judge and dutch police officers who executed that warrant to the country where the performed the cybercrime?

wow

Daniel Lyons

Did I miss something? Why does the Dutch government want to invade our computers? What would they be looking for that would justify using totalitarian tactics upon a free people who have the right to privacy unless there is reasonable cause to suspect a crime being committed?

They look for anything that is not confirming their standards. In the old days the elite rulers burned the books of some people, but that is so nineties today. By destroying the information they try to stop people from getting to information they do not want you to see. Like the moon landings or 9-11 just to name a few.
Peace to you all

Van Gaal

Anoniem

Peter Westerhof

The reaction by BoF is misquoting the letter, the letter’s summary to begin with, and is in my opinion suggestive.
This is not helping things, let alone guarding the Rule of Law and the protection of civil liberties.

Ot van Daalen

Peter Westerhof

I really think this is not a entirely fully correct representation of the matter at hand.

– – –

This a letter by the Minister of Security and Justice to the Dutch House of Representatives as a reaction to its request to that effect.

The letter’s summary states : “This letter contains proposals to, within the framework of the rule of law, proportionality, subsidiarity and respect for the privacy of citizens, a number of issues to be worked out into in legislation to strengthen the powers for the investigation and prosecution of cybercrime. The goal of this new legislation is to adapt the legal framework for the investigation and prosecution of cybercrime, by the services responsible for the investigation and prosecution of cybercrime, to identified needs.”

– – –

So the letter states the intention to undertake preparations which may serve to design proposals for new law in a catch-up effort to strengthen the investigation and prosecution of cybercrime.
The letter specifically targets issues with obstructions to law enforcements efforts ; f.i. encrypted storage of child porn.

So, mind you, this is a 3-stage effort and not law to take effect very shortly. This is therefore something entirely different than “powers proposed”.
Also stating “powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands.” is misquoting the letter, the letter’s summary to begin with, and is in my opinion suggestive.
This is not helping things, let alone guarding the Rule of Law and the protection of civil liberties.

Ot van Daalen

@Peter: Thank you for your valuable comments. You’re right: the government did not yet introduce a legislative text. However, the powers envisaged in the letter are crystal clear: to break into computers, to search computers and to destroy data on computers. I agree that exaggeration only has an adverse effect, but we do not exaggerate (unfortunately). And to be sure: the goal of the proposal is entirely legitimate, but even then, these measures have to comply with human rights law and broader effects on cybersecurity need to be investigated.

“The digital nature of the investigation makes it harder to prove that evidence was not fabricated or perhaps destroyed by the police.” – or fabricated by a third party, either locally or from a remote location.

Anoniem

I do not believe the Dutch, a reasonable people, would think themselves so high and mighty to break international law. It would obviously be an act of war. This is just another example of government overpowering the will of the people.

If they did this sort of thing in America, would we be wrong in sending a JDAM into the heart of the Netherlands? Poor taste, really. Are you guys out of your mind?

[…] in cyberspace for the sake of fighting and preventing crime. In the Netherlands, the government has pushed the parliament to pass a law to facilitate police surveillance across international borders. […]

[…] (computers, phones, etc.), under certain circumstances. The proposal was covered on Slashdot and criticized by Bits of Freedom. In May 2013, the Dutch govt submitted the proposal for public consultation. […]

[…] wanting to grant police the right to hack into suspects computers, even across borders. In an article on their blog, they outline the cybersecurity risks related to this proposal. I’m also hoping for a lot of […]